<?php
/**
 * [商网通 System] Copyright swtshop.cn
 * QQ: 1170787711
 * Author: gj.name
 * This is NOT a freeware
*/
defined('IN_UQ') or exit('Access Denied');
class index_uqcms extends control
{
    function __construct()
    {
        $this->uid = @$_SESSION['user']['uid'];
        parent::__construct();
    }
    public function index()
    {
        header('Location:?m=buy');
    }
    private function chk_login()
    {
        if (!empty($_SESSION['user']['uid'])) {
            header('Location:member.php');
        } elseif (!empty($_SESSION['shop']['spid'])) {
            header('Location:member.php?m=shop');
        }
    }
    public function login()
    {
        $this->chk_login();
        $this->display();
    }
    public function login_do()
    {
        $username = !empty($_POST['username']) ? trim($_POST['username']) : error_json('手机号码不能为空');
        $password = !empty($_POST['password']) ? trim($_POST['password']) : error_json('密码不能为空');
        $vcode = !empty($_POST['vcode']) ? $_POST['vcode'] : error_json('验证码不能为空');
        if (strtolower($vcode) == $_SESSION['vcode']) {
            if (verify::is_email($username)) {
                $wsql = " email = '" . $username . "'";
            } elseif (verify::is_mobile($username)) {
                $wsql = " mobile = '" . $username . "'";
            } else {
                $wsql = " username = '" . $username . "'";
            }
            $row = $this->db->get_one("select * from " . table("member") . " where " . $wsql . " limit 1");
            $password = uqcms_password_hash($password, $row['rand']);
            if ($row['uid'] && $row['password'] == $password) {
                if ($row['status'] == 1) {
                    $this->module('user')->user_session($row);
                    if ($row['type'] == '2') {
                        $spRow = $this->db->get_one("select * from " . table('shop') . " where uid = " . $row['uid']);
                        if ($spRow && $spRow['id']) {
                            $this->module('user')->create_shop_session($spRow);
                        }
                    }
                    $query = $this->db->update(table('member'), array('last_login_ip' => get_ip(), 'last_login_time' => time()), 'uid = ' . $row['uid']);
                    $_SESSION['vcode'] = '';
                    right_json();
                } else {
                    $_SESSION['vcode'] = '';
                    error_json('账户已经冻结');
                }
            } else {
                $_SESSION['vcode'] = '';
                error_json('用户名或者密码错误');
            }
        } else {
            $_SESSION['vcode'] = '';
            error_json('验证码错误');
        }
    }
    public function register()
    {
        $this->chk_login();
        $this->display();
    }
    function do_register()
    {
        $username = isset($_POST['username']) ? $_POST['username'] : error_json('手机号码不能为空');
        $password = isset($_POST['password']) ? $_POST['password'] : error_json('密码不能为空');
        $repasswd = isset($_POST['repasswd']) ? $_POST['repasswd'] : error_json('重复密码不能为空');
        $smscode = isset($_POST['smscode']) ? $_POST['smscode'] : error_json('短信验证码不能为空');
        $rand = get_rand(4);
        $data['password'] = uqcms_password_hash($password, $rand);
        $data['rand'] = $rand;
        $data['status'] = '1';
        $data['register_ip'] = get_ip();
        $data['last_login_ip'] = get_ip();
        $data['last_login_time'] = time();
        $data['addtime'] = time();
        if ($password == $repasswd) {
            if (verify::is_mobile($username)) {
                if ($_SESSION['sms_mobile'] == $username) {
                    if (!empty($smscode) && $smscode == $_SESSION['sms_code']) {
                        $ck_row = $this->db->get_one("select uid,mobile from " . table('member') . " where mobile = '" . $username . "'");
                        if (!$ck_row['uid']) {
                            $data['mobile'] = $username;
                            $query = $this->db->add(table('member'), $data);
                            if ($query) {
                                $uid = $this->db->insert_id();
                                $this->module('user')->friend_relate($uid);
                                $user_row = $this->db->get_one("select * from " . table('member') . " where uid = " . $uid);
                                $this->module('user')->user_session($user_row);
                                $arr['error'] = '0';
                                $_SESSION['smscode'] = '';
                                right_json($arr);
                            } else {
                                error_json('注册失败');
                            }
                        } else {
                            error_json('该用户存在');
                        }
                    } else {
                        error_json('短信验证码不正确');
                    }
                } else {
                    error_json('提交的号码和验证的号码不一致');
                }
            } else {
                error_json('电话号码格式不正确');
            }
        } else {
            error_json('两次密码输入不一致');
        }
    }
    public function forget()
    {
        $this->chk_login();
        $this->display();
    }
    public function forget_check()
    {
        if ($_POST) {
            $username = isset($_POST['username']) ? trim($_POST['username']) : error_json('手机号码不能为空');
            $sms_code = isset($_POST['sms_code']) ? trim($_POST['sms_code']) : error_json('短信验证码不能为空');
            echo $this->module('user')->forget_check($username, $sms_code);
        } else {
            error_json('访问错误');
        }
    }
    public function forget_reset()
    {
        $tokens = isset($_GET['token']) ? $_GET['token'] : '';
        if (empty($tokens)) {
            $tokens = isset($_SESSION['mobile_update_token']) ? $_SESSION['mobile_update_token'] : exit('获取地址错误');
        } else {
            @($_SESSION['mobile_update_token'] = $tokens);
        }
        $tokens = base64_decode($tokens);
        $token_user = explode('|', $tokens);
        $username = $token_user[0];
        $token = $token_user[1];
        $row = $this->module('user')->check_user($username);
        if ($row['uid']) {
            if ($token == md5($row['uid'] . $username . $row['password'])) {
                if (time() - $row['refresh_time'] > 60 * 15) {
                    showmsg('该链接已过期,请重新操作找回密码！', 'member.php?a=forget');
                }
            } else {
                showmsg('页面提交错误');
            }
        } else {
            showmsg('页面提交错误');
        }
        $this->display();
    }
    public function forget_reset_submit()
    {
        if ($_POST) {
            $password = !empty($_POST['password']) ? $_POST['password'] : error_json('密码不能为空');
            $repasswd = !empty($_POST['repasswd']) ? $_POST['repasswd'] : error_json('重复密码不能为空');
            if ($password == $repasswd) {
                $tokens = isset($_SESSION['mobile_update_token']) ? $_SESSION['mobile_update_token'] : error_json('验证错误');
                $tokens = base64_decode($tokens);
                $token_user = explode('|', $tokens);
                $username = $token_user[0];
                $token = $token_user[1];
                $row = $this->module('user')->check_user($username);
                if ($row['uid']) {
                    if ($token == md5($row['uid'] . $username . $row['password'])) {
                        if (time() - $row['refresh_time'] > 60 * 15) {
                            error_json('该链接已过期,请重新操作找回密码！');
                        } else {
                            $newPassword = uqcms_password_hash($password, $row['rand']);
                            if (verify::is_email($username)) {
                                $query = $this->db->update(table('member'), array('password' => $newPassword), "uid = " . $row['uid']);
                            } else {
                                if (verify::is_mobile($username)) {
                                    $query = $this->db->update(table('member'), array('password' => $newPassword), "uid = " . $row['uid']);
                                }
                            }
                            if ($query) {
                                $this->db->update(table('member'), array('refresh_time' => time() - 60 * 15), 'uid = ' . $row['uid']);
                                $result['error'] = '0';
                                $result['msg'] = '修改成功';
                                echo json_encode($result);
                            } else {
                                error_json('修改失败');
                            }
                        }
                    } else {
                        error_json('页面访问错误');
                    }
                } else {
                    error_json('提交错误，用户不存在');
                }
            } else {
                error_json('两次密码输入不一致');
            }
        } else {
            error_json('访问错误');
        }
    }
    public function get_sms_code()
    {
        if ($_POST) {
            $mobile = !empty($_POST['mobile']) ? $_POST['mobile'] : error_json('电话号码不能为空');
            $vcode = !empty($_POST['vcode']) ? $_POST['vcode'] : error_json('图形验证码不能为空');
            $check_user = !empty($_POST['check_user']) ? true : false;
            $this->module('user')->send_register_sms($mobile, $vcode, $check_user);
        } else {
            error_json('提交错误');
        }
    }
    public function logout()
    {
        unset($_SESSION['user']);
        unset($_SESSION['shop']);
        unset($_SESSION['wchat']);
        unset($_SESSION['connect']);
        if (empty($refererUrl)) {
            if (cfg('browser') == 'wap') {
                showmsg('成功退出，正在跳转！', 'wap.php?m=member&a=login');
            } else {
                showmsg('成功退出，正在跳转！', 'member.php?a=login');
            }
        } else {
            showmsg('成功退出，正在跳转！', 'member.php?a=login');
        }
    }
    function connect()
    {
        $alias = isset($_GET['alias']) ? $_GET['alias'] : showmsg('提交错误');
        $state = isset($_GET['state']) ? $_GET['state'] : '1';
        $jump = $this->login_class($alias, $state);
        $jump->jump_url();
    }
    function login_class($alias, $state)
    {
        $referer_url = cfg('site_url') . 'member.php?a=connect_back&alias=' . $alias;
        $param_arr = $this->db->get_one("select alias,app_key,app_secret from " . table("api_login") . " where alias = '" . $alias . "' limit 1");
        $nname = 'login_' . $alias;
        $act_login = new $nname($param_arr, $referer_url, $state);
        return $act_login;
    }
    function connect_back()
    {
        $alias = isset($_GET['alias']) ? $_GET['alias'] : showmsg('SYSTEM ERROR');
        $state = isset($_GET['state']) ? $_GET['state'] : '1';
        $code = isset($_GET['code']) ? $_GET['code'] : showmsg('CODE NULL');
        if ($code) {
            $conn_act = $this->login_class($alias, $state);
            $acc_token = $conn_act->getAccessToken($code);
            if ($acc_token['openid']) {
                $openid = $acc_token['openid'];
                $conninfo = $conn_act->get_info($acc_token['access_token'], $openid);
                $_SESSION['connect'][$alias]['openid'] = $openid;
                $_SESSION['connect'][$alias]['access_token'] = $acc_token['access_token'];
                $_SESSION['connect'][$alias]['nick'] = $conninfo['nick'];
                $_SESSION['connect'][$alias]['avatar'] = $conninfo['avatar'];
                $_SESSION['connect'][$alias]['sex'] = $conninfo['sex'];
                $field_row = $alias . '_uid';
                if ($this->uid) {
                    $row = $this->db->get_one("select * from " . table("member") . " where " . $field_row . " = '" . $openid . "' limit 1");
                    if ($row['uid']) {
                        if ($row['uid'] == $this->uid) {
                            showmsg('已经绑定');
                        } else {
                            showmsg('已经绑定');
                        }
                    } else {
                        $data[$field_row] = $openid;
                        $query = $this->db->update(table('member'), $data, 'uid = ' . $this->uid);
                        if ($query) {
                            showmsg('已经绑定');
                        } else {
                            showmsg('绑定失败');
                        }
                    }
                } else {
                    $row = $this->db->get_one("select * from " . table("member") . " where " . $field_row . " = '" . $openid . "' limit 1");
                    if ($row['uid']) {
                        $exec = $this->module('user')->user_session($row);
                        if (cfg('browser') == 'pc') {
                            header("Location:member.php");
                        } else {
                            header("Location:wap.php?m=member");
                        }
                    } else {
                        if (cfg('browser') == 'pc') {
                            header("Location:member.php?m=index&a=login_conn&alias=" . $alias);
                        } else {
                            header("Location:wap.php?m=member&a=login_conn&alias=" . $alias);
                        }
                    }
                }
            } else {
                showmsg('授权错误，获取用户错误');
            }
        } else {
            showmsg('提交错误');
        }
    }
    function login_bind()
    {
        $mobile = isset($_POST['username']) ? trim($_POST['username']) : error_json('用户名不能为空');
        $smscode = isset($_POST['smscode']) ? $_POST['smscode'] : error_json('短信验证码不能为空');
        $bind_type = isset($_POST['bind_type']) ? trim($_POST['bind_type']) : error_json('绑定类型错误');
        if (trim($mobile) == $_SESSION['sms_mobile']) {
            if (trim($smscode) == $_SESSION['sms_code']) {
                $row_bind = $bind_type . '_uid';
                $row = $this->db->get_one("select * from " . table('member') . " where mobile = '" . $mobile . "'");
                if ($row) {
                    $openid = $_SESSION['connect'][$bind_type]['openid'];
                    $ck_row = $this->db->get_one("select * from " . table('member') . " where " . $row_bind . " = '" . $openid . "' limit 1");
                    if ($ck_row) {
                        if ($ck_row[$row_bind]) {
                            error_json('该账号已经绑定');
                        } else {
                            $data[$row_bind] = $openid;
                            if ($row['uid']) {
                                $query = $this->db->update(table('member'), $data, 'uid = ' . $row['uid']);
                                if ($query) {
                                    $this->module('user')->user_session($row);
                                    right_json();
                                } else {
                                    error_json('绑定失败');
                                }
                            } else {
                                $data['rand'] = get_rand(7);
                                $data['mobile'] = $mobile;
                                $data['status'] = '1';
                                $data['register_ip'] = get_ip();
                                $data['last_login_ip'] = get_ip();
                                $data['last_login_time'] = time();
                                $data['addtime'] = time();
                                $query = $this->db->add(table('member'), $data);
                                if ($query) {
                                    $uid = $this->db->insert_id();
                                    $urow = $this->db->get_one("select * from " . table('member') . " where uid = " . $uid . " limit 1");
                                    $this->module('user')->user_session($urow);
                                    right_json();
                                } else {
                                    error_json('绑定失败');
                                }
                            }
                        }
                    } else {
                        error_json('系统繁忙：openid check!');
                    }
                } else {
                    error_json('系统繁忙');
                }
            } else {
                error_json('验证码不正确');
            }
        } else {
            error_json('接收电话和验证码的不一致');
        }
    }
}